Prioritizing authentication pkts & resending failed EAPOL pkts?

Jouni Malinen j at w1.fi
Thu Feb 3 17:57:07 EST 2011


On Thu, Feb 03, 2011 at 12:18:56PM -0800, Ben Greear wrote:
> So first question:  Is the auth traffic prioritized over regular traffic?

That depends on the driver, so this is somewhat of an incorrect mailing
list for that question.. Anyway, many management frame subtypes are
often sent at higher priority when QoS/WMM is enabled.

> Second:  Any idea how to go about fixing up the retransmit logic per
> this TODO:
> 
> 		/* TODO: re-send EAPOL-Key couple of times (with short delay
> 		 * between them?). If all attempt fail, report error and
> 		 * deauthenticate STA so that it will get new keys when
> 		 * authenticating again (e.g., after returning in range).
> 		 * Separate limit/transmit state needed both for unicast and
> 		 * broadcast keys(?) */

Are you really looking at IEEE 802.1X and dynamic WEP keys? Sounds kind
of pointless in this day and age with all the security issues identified
with WEP. WPA/WPA2 4-way handshake do retransmit EAPOL-Key frames even
without the lowlevel ack since the station needs to reply to the frames.

> Here's a filtered part of the log showing ack-failure msgs...
> 
> 1296763802.180575: 1296763802.365012: IEEE 802.1X: 00:0c:42:61:00:78 TX status - version=2 type=3 length=95 - ack=0

These frames are retransmitted at higher layer by the WPA/WPA2 4-way
handshake authenticator, i.e., the comment above does not apply for
these.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list